The official PGP user's guide
Small worlds in security systems: an analysis of the PGP certificate graph
Proceedings of the 2002 workshop on New security paradigms
| Hi-index | 0.00 |
Voice-over-IP protocols (e.g., SIP) are vulnerable to many types of attacks. One core challenge in preventing VoIP attacks is to assess the trustworthiness of the caller's identity. Further, spoofing attacks must be prevented by verifying that the call has been initiated by the user belonging to the caller's identity. In this paper, we propose to adapt a Web-of-Trust model to real-time communication in order to assess the trustworthiness of incoming VoIP calls based on the social relationships among users. We present the design of a system which is capable of cryptographically verifying trust chains associated with VoIP users in real-time, i.e., with minimal overhead during the regular processing of signaling messages. We highlight the benefits of such a system as well as its limitations, discuss open issues, and finally present an evaluation of the proposed approach based on a prototypical implementation. Our results show that indeed real-time cryptographic verification of trust chains among users is feasible for VoIP communications.